Threat Level: green Handler on Duty: Tom Webb

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Merry Christmas to All; More Details on Recent Vulnerabilities

Published: 2004-12-24
Last Updated: 2004-12-25 00:40:58 UTC
by Marcus Sachs (Version: 1)
0 comment(s)
Merry Christmas to All! To all of the Internet Storm Center readers around the world, I want to extend a hearty Merry Christmas, Happy Holidays, and best wishes for the coming year. As you probably know, everybody in the Storm Center family is a volunteer. We've got a few dozen volunteer incident handlers, several thousand volunteer DShield sensor operators, plus countless other people who volunteer their own time in tracking down events on the Internet then email us their analysis and thoughts. Without the tremendous effort put forth by everybody, the Storm Center would not be where it is today. Thanks, Family!!!

I was working on an adaptation of The Night Before Christmas for today's diary, and had planned to call it "The Night Before 0-Day" but since we had a nice release of 0-days yesterday I think I'll save it for next year. Instead, let me offer our readers a corny adaptation of the Twelve Days of Christmas. If you are a true geek and your significant other is still wondering what you would like to see under the tree, try this out:

On the 1100 Day of Christmas, my true love gave to me

- Twelve Months of TIVO

On the 1011 Day of Christmas, my true love gave to me

- Eleven Pentium Processors

On the 1010 Day of Christmas, my true love gave to me

- XM Satellite Radio

On the 1001 Day of Christmas, my true love gave to me

- Nine Linux Servers

On the 1000 Day of Christmas, my true love gave to me

- Eight Mega Pixels

On the 0111 Day of Christmas, my true love gave to me

- Seven Speaker Soundsystem

On the 0110 Day of Christmas, my true love gave to me

- Six-ft Plasma TV

On the 0101 Day of Christmas, my true love gave to me

- Five Sonet Rings

On the 0100 Day of Christmas, my true love gave to me

- Forty GB iPod

On the 0011 Day of Christmas, my true love gave to me

- Three GHz Laptop

On the 0010 Day of Christmas, my true love gave to me

- Two Access Points

On the 0001 Day of Christmas, my true love gave to me

- An iPAQ Pocket PC

More Details on Recent Vulnerabilities. Yesterday we mentioned some new vulnerabilities with proof-of-concept code that affect Windows systems, plus we mentioned the release of Oracle vulnerability details by David Litchfield. We received a number of requests for links to additional information on these issues. Here are a few:

Windows Issues, original notification

http://www.xfocus.net/flashsky/icoExp/index.html


Bugtraq Discussion

http://www.securityfocus.com/archive/1/385332/2004-12-21/2004-12-27/0

http://www.securityfocus.com/archive/1/385340/2004-12-21/2004-12-27/0

http://www.securityfocus.com/archive/1/385342/2004-12-21/2004-12-27/0


Oracle Issues

http://archives.neohapsis.com/archives/vulnwatch/2004-q4/0052.html

http://archives.neohapsis.com/archives/vulnwatch/2004-q4/0053.html

http://archives.neohapsis.com/archives/vulnwatch/2004-q4/0056.html

http://archives.neohapsis.com/archives/vulnwatch/2004-q4/0057.html

http://archives.neohapsis.com/archives/vulnwatch/2004-q4/0058.html

http://archives.neohapsis.com/archives/vulnwatch/2004-q4/0059.html

http://archives.neohapsis.com/archives/vulnwatch/2004-q4/0060.html

http://archives.neohapsis.com/archives/vulnwatch/2004-q4/0061.html


One more just to make your weekend phun

Automated Windows XP SP2 Remote Compromise http://freehost07.websamba.com/greyhats/sp2rc-analysis.htm





Marcus H. Sachs

Director, SANS Internet Storm Center

Handler on Duty

Keywords:
0 comment(s)
Diary Archives